locked
Single Sign On Pass Through/Credentials RRS feed

  • Question

  • Good afternoon all. 

    I work for the University of Virginia and we have a limited deployment of UAG servers, one of which is not in production yet due to some requests by the customer/client department. 

    The current topology of the software is a static web front end with links to a private protected server, a public redacted website and a quiz/video for obtaining an internal account in the software.

    The private server and quiz pages use an ISAPI filter (currently pubcookie) to intercept and authenticate users. The computer id is then passed from the authentication server to the web server which is running cold fusion 9.0.0.2 and a MS-SQL 2012 backend. 

    As the private server has both FERPA and financial data, we needed to provide them with a more secure model and were leveraging using UAG to publish the assorted links, thus narrowing the exposed ports on the firewall, using obfuscation through UAG as the website they were being redirected to was a portal page but then the customer decided they didn't want an "extra link click" for the users as it might confuse them.

    I know that UAG can do SSO which is what the pubcookie ISAPI filter is a part of here (Netbadge is what it is called), and I was hoping we might be able to use UAG to provide the same capability that the Netbadge/pubcookie server can do.

    I've created a portal with no links in it yet, and added our AD and a RADIUS authentication piece and have successfully tested them while logging into the portal, my question is:

    Is there a way that someone would click on one of the private links, be directed to the UAG portal for authentication, then automatically forwarded to the URL the link initially was intended to go to without interaction of the user and pass along the credentials (userID/compID) to the software. If so, what would be a good manner to do this, where might I better learn how to perform this if it isn't simple enough to explain in a reply here.

    thank you in advance for any assistance folks can provide.

    Justin

    Monday, May 5, 2014 3:24 PM